◆ Day 0 + 36 runbook entries · 29 published

The Runbook.

Real incidents. Real fixes. Mapped 1:1 to scenarios in troubleshoot-kubernetes-like-a-pro. Deploy the broken config, debug it, apply the fix.

DAY 00
Day 0 — Spin Up a Real Kubernetes Cluster in One Command
Before you debug a single Pending pod, you need a real cluster. Here is how to get one on AWS, GCP, or Azure with a single command — and the Terraform that makes it boring.
Setup
2026-03-19
8 min read
DAY 01
RunContainerError in Kubernetes: Why Your Pod Never Starts
The kubelet pulled the image, runc tried to exec, and nothing happened. Here is the one line that tells you why.
App
2026-03-20
6 min read
DAY 02
CrashLoopBackOff in Kubernetes: Read the Exit Code First
A status, a timer, and an exit code. Learn to read all three and you debug in sixty seconds instead of forty minutes.
App
2026-03-21
6 min read
DAY 03
ErrImagePull in Kubernetes: Typo, Auth, or Network?
One status, three completely different fixes. The describe event tells you which one you are actually looking at.
Image
2026-03-22
5 min read
DAY 04
ImagePullBackOff in Kubernetes: The Timer on Top of the Error
Same cause as ErrImagePull, plus a backoff clock that makes the cluster look broken when it is just being polite.
Image
2026-03-23
5 min read
DAY 05
Kubernetes Pod Running But Not Ready: Readiness Probe Failures Explained
STATUS says Running. READY says 0/1. Users see 503s. Here is where the pod is hiding.
Probes
2026-03-24
5 min read
DAY 06
Liveness Probe Killing Your Kubernetes Pods? Read This First
Exit code 137 with clean app logs means the probe is the murderer. Here is how to catch it in the act.
Probes
2026-03-25
4 min read
DAY 07
Liveness and Readiness Failing Together: Why Startup Probes Exist
Two probes, one bug, two outages. Read the event ages and you will know the order of operations.
Probes
2026-03-26
4 min read
DAY 08
Why Is Your Kubernetes Pod Stuck in Pending? The Real Fix
45 minutes staring at a Pending pod, a Slack channel on fire, and one line of kubectl output that finally made sense.
Scheduling
2026-03-27
7 min read
DAY 09
Pod Affinity Violation in Kubernetes: The Silent Pending Trap
The scheduler will wait forever for an affinity rule that can never be satisfied, and it will never tell you out loud.
Scheduling
2026-03-28
3 min read
DAY 10
Node Affinity in Kubernetes: The Hostname Typo That Pending'd My Pod
One wrong letter in a hostname inside a nodeAffinity block, and the scheduler goes silent for an hour.
Scheduling
2026-03-29
3 min read
DAY 11
Taints and Tolerations in Kubernetes: Why Your Pod Won't Land on Any Node
Half the Pending pods I have debugged in my career were a missing toleration. Here is the mental model that ends the confusion.
Scheduling
2026-03-30
3 min read
DAY 12
Cluster Autoscaler Not Scaling Up? The 4 Signals to Check First
Twenty replicas asking for CPU the cluster does not have, and an autoscaler that stays silent. Here is the debug path.
Scheduling
2026-03-31
4 min read
DAY 13
Kubernetes Resource Limits Must Be Greater Than Requests: Here's Why
One of the few Kubernetes errors that fails loudly at apply time, and the one most people still misread.
Resources
2026-04-01
4 min read
DAY 14
OOMKilled in Kubernetes: Why the Linux Kernel Murdered Your Pod
Memory limits, cgroups, and the OOM score nobody reads. Why your container is dead and the node is perfectly fine.
Resources
2026-04-02
4 min read
DAY 15
CrashLoopBackOff from Tight Memory Limits: The 2-Minute Fix
Pod created. Pod killed. Pod created. Pod killed. Welcome to the forever loop.
Resources
2026-04-03
3 min read
DAY 16
Kubernetes cgroup OOM: When the Kernel Kills Before kubectl Knows
Your pod metrics look fine. The kernel disagrees. Here is what lives beneath kubectl.
Resources
2026-04-04
3 min read
DAY 17
Kubernetes volumeMount References Undefined Volume: The Typo Fix
API rejects the pod, the error scrolls past, and you lose an hour to one missing block.
Storage
2026-04-05
3 min read
DAY 18
The 5 Reasons Your Kubernetes PVC Never Binds
Pending forever. No events. No provisioner. Here is the five-minute diagnosis.
Storage
2026-04-06
3 min read
DAY 19
Read-Only Filesystem in Kubernetes: The Volume Permission Fix
readOnlyRootFilesystem is a security win and a 2AM footgun. Here is how to get both.
Storage
2026-04-07
3 min read
DAY 20
Kubernetes Disk I/O Errors: Pod Symptoms, Node Root Cause
The container is crashing. The node is the reason. Here is how to prove it in 90 seconds.
Storage
2026-04-08
3 min read
DAY 21
Pod Evicted from Disk Pressure in Kubernetes: The Ephemeral Storage Fix
Your pod is healthy. The node is out of disk. Guess who gets evicted.
Storage
2026-04-09
4 min read
DAY 22
Kubernetes Service Returns Nothing? Check targetPort First
The pod runs, the service exists, curl returns refused. One number was wrong.
Network
2026-04-10
4 min read
DAY 23
hostPort Conflicts in Kubernetes: Why Your Pod Is Stuck Pending
Two containers, one host port, zero useful error messages. Here is what is happening.
Network
2026-04-11
4 min read
DAY 24
LoadBalancer Stuck on <pending>? It Is Probably Your Selector
The cloud provider is fine. Your Service selector matches nothing. Here is the five-minute fix.
Network
2026-04-12
4 min read
DAY 25
Kubernetes Ingress 404? Check These 4 Things Before nginx Logs
IngressClass, TLS secret, host, path. One of these four is why your Ingress is silent.
Network
2026-04-13
4 min read
DAY 26
It Is Always DNS: Debugging CoreDNS Failures in Kubernetes
The pod is healthy, the Service is up, nslookup hangs. The five-hop debug.
Network
2026-04-14
4 min read
DAY 27
NetworkPolicy Default-Deny Broke My Whole Namespace. Here Is the Fix
One default-deny egress policy, one black-hole namespace, one very long pager night.
Network
2026-04-15
4 min read
DAY 28
Pod Cannot Reach External API? It Is Probably Egress NetworkPolicy
Cluster-to-cluster is fine. Cluster-to-Stripe is dead. The rule that hides in plain sight.
Network
2026-04-16
4 min read
DAY 29
Kubernetes ServiceAccount Forbidden? Here's What Your RBAC Actually Says
The pod is Running. The controller is silent. The API server is quietly returning 403 and nobody is reading the audit log.
RBAC
SOON
DAY 30
I Ran Kubernetes Pods as Root for 2 Years. Then the Auditor Called.
runAsNonRoot, runAsUser, fsGroup, allowPrivilegeEscalation. The four lines that turn a SOC2 finding from red to green.
Security
SOON
DAY 31
The hostPID Footgun: One Line That Shows You Every Process on the Node
A pod with hostPID: true is not a pod, it is a node-wide observation deck. Here is exactly what an attacker sees.
Security
SOON
DAY 32
SELinux Denied Your Kubernetes Pod. kubectl Has No Idea.
Profile mismatches, denied syscalls, and the audit2allow loop you should never run blind.
Security
SOON
DAY 33
RunPodSandbox Failed: When Kubernetes CRI Says No Before Your Image Pulls
RuntimeClass not found, sandbox failures, the layer below containerd where kubelet and CRI disagree.
Cluster
SOON
DAY 34
kubectl drain Stuck? Your PodDisruptionBudget Is Lying About 'Available'
Voluntary disruptions, minAvailable, and the PDB somebody wrote eighteen months ago that now blocks your upgrade.
Cluster
SOON
DAY 35
35 Days of Kubernetes — What Nobody Tells You About Running Clusters in Production
The upgrade matrix, deprecated APIs, why you cannot skip a minor, and the honest lessons from thirty-five scenarios in the dark.
Cluster
SOON
DAY 36
Day 36 — The Unified Playbook (35 Scenarios, One Brain)
Thirty-five scenarios in five weeks. Here is the single mental model that ties them together — and the repo you can keep coming back to.
Wrap
SOON

Day 0 — Spin Up a Real Kubernetes Cluster in One Command

RunContainerError in Kubernetes: Why Your Pod Never Starts

CrashLoopBackOff in Kubernetes: Read the Exit Code First

ErrImagePull in Kubernetes: Typo, Auth, or Network?

ImagePullBackOff in Kubernetes: The Timer on Top of the Error

Kubernetes Pod Running But Not Ready: Readiness Probe Failures Explained

Liveness Probe Killing Your Kubernetes Pods? Read This First

Liveness and Readiness Failing Together: Why Startup Probes Exist

Why Is Your Kubernetes Pod Stuck in Pending? The Real Fix

Pod Affinity Violation in Kubernetes: The Silent Pending Trap

Node Affinity in Kubernetes: The Hostname Typo That Pending'd My Pod

Taints and Tolerations in Kubernetes: Why Your Pod Won't Land on Any Node

Cluster Autoscaler Not Scaling Up? The 4 Signals to Check First

Kubernetes Resource Limits Must Be Greater Than Requests: Here's Why

OOMKilled in Kubernetes: Why the Linux Kernel Murdered Your Pod

CrashLoopBackOff from Tight Memory Limits: The 2-Minute Fix

Kubernetes cgroup OOM: When the Kernel Kills Before kubectl Knows

Kubernetes volumeMount References Undefined Volume: The Typo Fix

The 5 Reasons Your Kubernetes PVC Never Binds

Read-Only Filesystem in Kubernetes: The Volume Permission Fix

Kubernetes Disk I/O Errors: Pod Symptoms, Node Root Cause

Pod Evicted from Disk Pressure in Kubernetes: The Ephemeral Storage Fix

Kubernetes Service Returns Nothing? Check targetPort First

hostPort Conflicts in Kubernetes: Why Your Pod Is Stuck Pending

LoadBalancer Stuck on <pending>? It Is Probably Your Selector

Kubernetes Ingress 404? Check These 4 Things Before nginx Logs

It Is Always DNS: Debugging CoreDNS Failures in Kubernetes

NetworkPolicy Default-Deny Broke My Whole Namespace. Here Is the Fix

Pod Cannot Reach External API? It Is Probably Egress NetworkPolicy

Kubernetes ServiceAccount Forbidden? Here's What Your RBAC Actually Says

I Ran Kubernetes Pods as Root for 2 Years. Then the Auditor Called.

The hostPID Footgun: One Line That Shows You Every Process on the Node

SELinux Denied Your Kubernetes Pod. kubectl Has No Idea.

RunPodSandbox Failed: When Kubernetes CRI Says No Before Your Image Pulls

kubectl drain Stuck? Your PodDisruptionBudget Is Lying About 'Available'

35 Days of Kubernetes — What Nobody Tells You About Running Clusters in Production

Day 36 — The Unified Playbook (35 Scenarios, One Brain)